Bottom Line

You still need standard signature-based antivirus protection—those old viruses, Trojans, and other malicious programs aren't going away. But antivirus alone isn't sufficient to protect you against zero-day exploits. Zero-day means it's never been seen before, so there's no way a signature could exist. Malwarebytes Anti-Exploit Free, the free, feature-limited version of Malwarebytes Anti-Exploit Premium, protects against exploits and doesn't need any signatures. Read my review of the premium edition, everything in that review applies to the free edition as well, with a few exceptions that 'll summarize here.

Browser Protection

The free edition injects protection into Chrome, Firefox, Internet Explorer, and Opera, protecting both the browser and any add-ins. It also protects Java. For $24.95 per year, the premium edition extends protection to Microsoft Office applications as we as to popular PDF readers and media players.

In the premium edition, you can turn protective shields on and off for particular applications, and even create custom shields. The free edition's settings are fixed; it shields those five specific programs, no more and no less.

It Works! Each exploit targets a very specific version of the victim application, and most won't work with a different version. That makes testing tough, because Malwarebytes won't trigger unless the exploit has potential to succeed. Malwarebytes commissioned a test by security blogger Kafeine, to demonstrate that the product works. Kafeine hit Malwarebytes with targeted variants of the 11 most common exploit kits. It blocked them all.

I wanted hands-on experience, so I enlisted help from analysis firm MRG-Effitas. The company's CTO supplied me with in-the-wild exploits captured using the Fiddler Web Debugger. I carefully configured a victim system with the correct program versions and launched the recorded attacks. Malwarebytes blocked them.

Kafeine also supplied me with a half-dozen real-world sites currently compromised by exploits, including one major retailer. A couple had already been fixed, but Malwarebytes blocked the rest.

Worthwhile Protection Malwarebytes Anti-Exploit Free doesn't spend bandwidth on updates, and it takes up just 3MB on disk. It's a worthwhile addition to your collection of security tools. You won't even know it's there, unless it blocks an exploit. For those who are mainly worried about Web-based attacks, the browser protection it offers may be sufficient. If you're also concerned about targeted attacks, or attacks coming via documents and PDFs, considering springing for Malwarebytes Anti-Exploit Premium.

More Inside PCMag.com

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips and solutions on using DOS and Windows, his technical columns clarified fine points in programming and operating systems, and his utility articles (over forty of ... See Full Bio